Oracle Security Update Patch July 2011 - How to know if i am affected?

This applies to any patches in general, and is not specific to the Oracle CPUs/ARUs etc. It is impossible for most software patches to be completely compatible with the existing version of the software and any software (including yours) that depends on it.

If you are rolling out a patch to production, a sensible roll-out policy would always involve testing the patch against a replica of the production instance. Like I stated earlier, this does not apply to the Oracle CPUs or ARUs alone; it applies to other artifacts like OS updates, configuration changes, anti-virus updates and any change that could break your application in production, or even modify the runtime behavior of the application.

Also, it doesn't hurt to take a backup of the production instance, before applying the patch. Most updates from Oracle recommend taking a backup, so that any failed patch installation can be rolled back without extending the potential downtime period.

The patchset release notes would guide you in establishing a minimum set of tests that you have to run before rolling out the update, but it is not necessary that a release note contains this information. It could be present in the bug databases associated with the product (this would be Oracle Support for the Oracle database, and possibly the Sun bug database for the Oracle JDK), and you have to perform the hard work of mapping the bug fixes to potential test candidates. If are unsure, you should still have a smoke test suite that you can run to ensure that a roll-out does not break your application.

On the Oracle 9.2.0.8 front, this product is no longer under active support from Oracle and no new bug fixes are being released.

If security is an issue, you should consider an upgrade to the Oracle 11.2.0.2 version (as 10gR2 is also receding quickly in the rear view mirror).